Data Segmentation Overview
Data segmentation gives global administrators the ability to create record-level security controls for their data. It is a least-privilege way to scope non-Org Admin users' access to data so you can delegate administration to identities beyond the Org Admin.
Previously, when a user was granted any given piece of Identity Security Cloud access in the UI, they were also granted access to every piece of information that UI could access. As a result, specific objects that should have had limited visibility, such as access model items, identities, and access items in the Request Center, were instead visible globally to anyone granted sub-administrator rights.
Organization administrators can now define segments that grant smaller chunks of admin access to different users, allowing you to spread out admin functionality to distributed teams. Data segmentation provides you with a policy-driven, least-privilege, data-level security control for administering entitlements. Data segmentation also makes it easier for sub-administrators to perform their work, because the only records available to them are those that they should have access to. Recipients of segment access can name, describe, create, manage configurations for, and maintain only those entitlements that they are granted access to.
Important
Data segmentation only grants users the ability to see designated objects. It does not remove visibility.
To use data segmentation, complete the following:
- Enable the data segmentation feature.
- Create data segments.
- Publish and enable your data segments.